<?php
	require_once('../inc/fen_fns.php');
	sec_session_start();
	
	
	
	if (login_check($mysqli, '>', '10') == true) {

		$oldpassword = $_POST['oldpassword'];
		$newpassword = $_POST['newpassword'];
		$newpassword2 = $_POST['newpassword2'];
		
		$username = $_SESSION['username'];
		

		if ($newpassword == $newpassword2 && strlen($newpassword) > 5) {
		
			$password = hash('sha512', $newpassword);
			$oldpassword = hash('sha512', $oldpassword);

			
			// Create a random salt
			$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
			// Create salted password (Careful not to over season)
			$password = hash('sha512', $password.$random_salt);
			
			if (login($username, $oldpassword, $mysqli) == true) {
				// Login success

				$query = $_DB->Query("update fen_members set
						password = '$password',
						salt = '$random_salt',
						modified_by = '".$_SESSION['username']."',
						date_modified = DATE_ADD(CURRENT_TIMESTAMP, INTERVAL 3 HOUR)
						WHERE
						id = '".$_SESSION['user_id']."'
						");
				
				header('Location: ../index.php?error=3');
				
			} else {
				// Login failed
				header('Location: ../changepassword.php?error=1');
			}
			

		} else {
	

			header('Location: ../changepassword.php?error=1');
			
		}
	

	} else {
		header('Location: ./index.php?error=2');
	}

?>	